Focal update: v5.4.156 upstream stable release

Bug #1951295 reported by Kamal Mostafa
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Invalid
Undecided
Unassigned
Focal
Fix Released
Medium
Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       v5.4.156 upstream stable release
       from git://git.kernel.org/

parisc: math-emu: Fix fall-through warnings
net: switchdev: do not propagate bridge updates across bridges
tee: optee: Fix missing devices unregister during optee_remove
ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default
xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF
xtensa: xtfpga: Try software restart before simulating CPU reset
NFSD: Keep existing listeners on portlist error
dma-debug: fix sg checks in debug_dma_map_sg()
ASoC: wm8960: Fix clock configuration on slave mode
netfilter: ipvs: make global sysctl readonly in non-init netns
lan78xx: select CRC32
net: dsa: lantiq_gswip: fix register definition
NIOS2: irqflags: rename a redefined register name
net: hns3: reset DWRR of unused tc to zero
net: hns3: add limit ets dwrr bandwidth cannot be 0
net: hns3: disable sriov before unload hclge layer
net: stmmac: Fix E2E delay mechanism
net: enetc: fix ethtool counter name for PM0_TERR
can: rcar_can: fix suspend/resume
can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification
can: peak_pci: peak_pci_remove(): fix UAF
can: j1939: j1939_tp_rxtimer(): fix errant alert in j1939_tp_rxtimer
can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv
can: j1939: j1939_xtp_rx_dat_one(): cancel session if receive TP.DT with error length
can: j1939: j1939_xtp_rx_rts_session_new(): abort TP less than 9 bytes
ceph: fix handling of "meta" errors
ocfs2: fix data corruption after conversion from inline format
ocfs2: mount fails with buffer overflow in strlen
elfcore: correct reference to CONFIG_UML
vfs: check fd has read access in kernel_read_file_from_fd()
ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset
ALSA: hda/realtek: Add quirk for Clevo PC50HS
ASoC: DAPM: Fix missing kctl change notifications
audit: fix possible null-pointer dereference in audit_filter_rules
powerpc64/idle: Fix SP offsets when saving GPRs
KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest()
KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to guest
powerpc/idle: Don't corrupt back chain when going idle
mm, slub: fix mismatch between reconstructed freelist depth and cnt
mm, slub: fix potential memoryleak in kmem_cache_open()
nfc: nci: fix the UAF of rf_conn_info object
isdn: cpai: check ctr->cnr to avoid array index out of bound
netfilter: Kconfig: use 'default y' instead of 'm' for bool config option
selftests: netfilter: remove stray bash debug line
gcc-plugins/structleak: add makefile var for disabling structleak
btrfs: deal with errors when checking if a dir entry exists during log replay
net: stmmac: add support for dwmac 3.40a
ARM: dts: spear3xx: Fix gmac node
isdn: mISDN: Fix sleeping function called from invalid context
platform/x86: intel_scu_ipc: Update timeout value in comment
ALSA: hda: avoid write to STATESTS if controller is in reset
Input: snvs_pwrkey - add clk handling
scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma()
tracing: Have all levels of checks prevent recursion
ARM: 9122/1: select HAVE_FUTEX_CMPXCHG
pinctrl: stm32: use valid pin identifier in stm32_pinctrl_resume()
Linux 5.4.156
UBUNTU: upstream stable to v5.4.156

CVE References

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Focal):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Kamal Mostafa (kamalmostafa)
Changed in linux (Ubuntu):
status: Confirmed → Invalid
description: updated
Stefan Bader (smb)
Changed in linux (Ubuntu Focal):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (19.0 KiB)

This bug was fixed in the package linux - 5.4.0-92.103

---------------
linux (5.4.0-92.103) focal; urgency=medium

  * focal/linux: 5.4.0-92.103 -proposed tracker (LP: #1952316)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - debian/dkms-versions -- update from kernel-versions (main/2021.11.29)

  * CVE-2021-4002
    - tlb: mmu_gather: add tlb_flush_*_range APIs
    - hugetlbfs: flush TLBs correctly after huge_pmd_unshare

  * Re-enable DEBUG_INFO_BTF where it was disabled (LP: #1945632)
    - [Config] Enable CONFIG_DEBUG_INFO_BTF on all arches

  * Focal linux-azure: Vm crash on Dv5/Ev5 (LP: #1950462)
    - KVM: VMX: eVMCS: make evmcs_sanitize_exec_ctrls() work again
    - jump_label: Fix usage in module __init

  * Support builtin revoked certificates (LP: #1932029)
    - Revert "UBUNTU: SAUCE: (lockdown) Make get_cert_list() not complain about
      cert lists that aren't present."
    - integrity: Move import of MokListRT certs to a separate routine
    - integrity: Load certs from the EFI MOK config table
    - certs: Add ability to preload revocation certs
    - integrity: Load mokx variables into the blacklist keyring
    - certs: add 'x509_revocation_list' to gitignore
    - SAUCE: Dump stack when X.509 certificates cannot be loaded
    - [Packaging] build canonical-revoked-certs.pem from branch/arch certs
    - [Packaging] Revoke 2012 UEFI signing certificate as built-in
    - [Config] Configure CONFIG_SYSTEM_REVOCATION_KEYS with revoked keys

  * Support importing mokx keys into revocation list from the mok table
    (LP: #1928679)
    - efi: Support for MOK variable config table
    - efi: mokvar-table: fix some issues in new code
    - efi: mokvar: add missing include of asm/early_ioremap.h
    - efi/mokvar: Reserve the table only if it is in boot services data
    - SAUCE: integrity: add informational messages when revoking certs

  * Support importing mokx keys into revocation list from the mok table
    (LP: #1928679) // CVE-2020-26541 when certificates are revoked via
    MokListXRT.
    - SAUCE: integrity: Load mokx certs from the EFI MOK config table

  * Focal update: v5.4.157 upstream stable release (LP: #1951883)
    - ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned
    - ARM: 9134/1: remove duplicate memcpy() definition
    - ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype
    - ARM: 9141/1: only warn about XIP address when not compile testing
    - ipv6: use siphash in rt6_exception_hash()
    - ipv4: use siphash instead of Jenkins in fnhe_hashfun()
    - usbnet: sanity check for maxpacket
    - usbnet: fix error return code in usbnet_probe()
    - Revert "pinctrl: bcm: ns: support updated DT binding as syscon subnode"
    - ata: sata_mv: Fix the error handling of mv_chip_id()
    - nfc: port100: fix using -ERRNO as command type mask
    - net/tls: Fix flipped sign in tls_err_abort() calls
    - mmc: vub300: fix control-message timeouts
    - mmc: cqhci: clear HALT state after CQE enable
    - mmc: dw_mmc: exynos: fix the finding clock sample value
    - mmc: sdhci: Map more voltage level to SDHCI_POWER_330
    - mmc: sdhci-esdhc-imx: clear the buffe...

Changed in linux (Ubuntu Focal):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers